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ABSTRACT- A Wireless Sensor Network (WSN) 
consists of a number of ultra small, autonomous 
and resource-constrained sensor nodes, but is 
often deployed in unattended and harsh 
environments to perform various monitoring 
tasks. The WSN is vulnerable to security threats 
and susceptible to physical capture. Thus, it is 
necessary to use effective mechanisms to protect 
the network. This paper considers a typical 
threat in the latter category known as the node 
replication attack, where an adversary prepares 
own low-cost sensor nodes and deceives the 
network into accepting them as legitimate ones. 
The technique used in static networks to find the 
replicated nodes cannot apply to the mobile 
sensor networks because the location of the node 
is not stable in a network. Only few techniques 
are proposed for mobile sensor networks. In 
existing method to detect node replication attack 
many beacon signal are sent which is costly and 
not accurate .In this paper replicated nodes are 
detected by cluster head using their velocity by 
encryption and decryption techniques. The 
advantages of our proposed algorithm include 1) 
Accuracy 2) Efficiency 3) Reduces energy 
Consumption. 

1. INTRODUCTION 

A. Wireless Sensor Networks 

The Wireless sensor network is built of nodes 
from a few to several hundreds or even thousands, 
where each node is connected to one or sometimes 
several sensors. Each such sensor network node has 
typically several parts: a radio transceiver with an 
internal antenna or connection to an external 
antenna, a microcontroller, an electronic circuit for 
interfacing with the sensors and an energy source, 
usually a battery or an embedded form of energy 
harvesting. 

B. Security Attacks in Wireless Sensor Network 

The WSN has many different types of attacks 

Flooding attack: Flooding attack is a type of 
denial of service attack in which the attacker send a 
large number of packets to the target node their by 
discontinues their communication in the network. 



Jamming attack: In jamming attack, an 
electromagnetic interference is caused in the 
frequency of the network operations and also in the 
targeted receiver so that the transmitted message is 
corrupted. 

Replay Attack: A replay attack is caused when the 
transmitted data is maliciously replayed. It is 
caused either by the originated. The forwarded 
packets are copied and repeatedly transmitted to the 
targeted node by the attacker 

Spoofing Attack: in spoofing attack, the routing 
loop is created and the routing information are 
attracted and replayed so as to complicate the 
network by the adversary. 

Sinkhole Attack: In the sinkhole attack, the base 
station is prevented from getting the information 
regarding the sensing data. It draws the attention of 
the network traffic by just advertising them as the 
trusted node or as the shortest path. 

C. Node Replication Attack 

Node replication attack is also known as clone 
attack. It exists in both the static and mobile 
Wireless sensor network. It creates an extensive 
harm to the network because the replicated node 
also has the same identity as the legitimate 
member. It is difficult to detect the replicated node 
in mobile sensor network since the location can 
vary from time to time. Node replication is done by 
adversary by compromising one sensor node and 
fabricates many replicas having the same identity 
from the captured node. 




^^^^ Replicated node 



Fig 1.1 Node replication attack 
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Fig 1.1 show the node replication attack where 
the attacker collecting information from genuine 
node to create a low cost replicated node 

It is desirable but very challenging to have 
efficient and effective distributed algorithms for 
detecting replicas in mobile sensor network. 

D. Related Works 

In mobile sensor networks many works are 
existing for node replication attack. In those papers 
they had discussed about the 1) Witness finding 
strategy 2) Setting threshold value 3) Detecting the 
nodes with same identity [11, which consume more 
energy, time and accuracy is less it cannot find the 
replicated node but it will identify the replicated 
and genuine node. So the data for both the node 
will be blocked. They send both the location and 
the signature ({L (v), sig (L (v))} where L (v) is the 
location of v, sig (L (v)) is the signature of v) to 
their neighbouring nodes which consume more 
energy and time to detect the replicated node. 
Sometimes the replication is not found in large 
networks. Clusters are formed only for stationary 
network [11] which will be more efficient for 
mobile sensor network. They found the replication 
only in a particular range [16] which cannot be 
used in mobile sensor network. A threshold value is 
set for all nodes to communicate with each other 
but some time the genuine node may have the 
necessary to communicate above the threshold so 
the accuracy is less [21. The witness-finding strategy 
exploits the fact that one sensor node cannot appear 
at different locations, but, unfortunately, the sensor 
nodes in mobile sensor networks have the 
possibility of appearing at different locations at 
different times, so the schemes in static wireless 
sensor networks cannot be directly applied to 
mobile sensor networks. Slight modification of 
these schemes can be helpful for applicability to 
mobile sensor networks. For instance, the witness- 
finding strategy can adapt to mobile environments 
if a timestamp is associated with each location 
claim. In addition, setting a fixed time window in 
advance and performing the witness-finding 
strategy for every units of time can also keep 
witness-finding feasible in mobile sensor networks. 
Nevertheless, accurate time synchronization among 
all the nodes in the network is necessary. 
Moreover, when witness-finding is applied to 
mobile sensor networks, routing the message to the 
witnesses incurs even higher communication cost. 
After identifying the replicas, a message used to 
revoke the replicas, possibly issued by the base 
station or the witness that detects the replicas, is 
usually flooded throughout the network. 
Nevertheless, network-wide broadcast is highly 
energy consuming and, therefore, should be 
avoided in the protocol design. Time 
synchronization is needed. Nevertheless, it is still a 
challenging task to synchronize the time of nodes 
in the network, even though loose time 
synchronization is sufficient for the detection 



purpose. Hence, as we know that time 
synchronization algorithms currently need to be 
performed periodically to synchronize the time of 
each node in the network, thereby incurring 
tremendous overhead, it would be desirable to 
remove this requirement. Witness-finding could be 
categorized as a strategy of cooper active detection; 
sensor nodes collaborate in certain ways to 
determine which ones are the replicas. In this 
regard, the effectiveness of witness-finding could 
be reduced when a large number of sensor nodes 
have been compromised, because the compromised 
nodes can block the message issued by the nodes 
near the replicas. Hence, the witness nodes cannot 
discover the existence of replicas. The 
effectiveness in detecting replicas, all of the 
schemes adopting witness-finding have the 
common drawback that the detection period cannot 
be determined. In other words, the replica detection 
algorithm can be triggered to identify the replicas 
only after the network anomaly has been noticed by 
the network planner. Therefore, a detection 
algorithm that can always automatically detect the 
replica is desirable. Since the existing algorithms 
are built upon several other requirements, we have 
found that the common weakness of the existing 
protocols in detecting node replication attacks is 
that a large amount of communication cost is still 
unavoidable [1]. 

The node replication attack in mobile sensor 
nodes are detected by two methods 



DETECTION METHODS 



CENTRALIZED 
DETECTION 



DISTRIBUTED 
DETECTION 



1. Centralized Detection 

In mobile sensor networks there is only one 
centralized detection method called Sequential 
Probability Ratio Test (SPRT). 

1.1 Sequential Probability Ratio Test: In SPRT 

[3], each and every time the node claims its 
location and time information to their neighbours 
and they forward it to the base station when they 
enter into a new location. 

1.2 Straight Forward Scheme: In straight forward 
scheme [41 each node has to send a list of its 
neighbours and the positions claimed by these 
neighbours to the base station, which then 
examines every neighbour list to look for replicated 
sensor nodes. In a stationary WSN, conflicting 
position claims for one node id indicates a 
replication. Once the base station spots one or more 
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replicas, it can revoke the replicated nodes by 
flooding the network with an authenticated 
revocation message. 

1.3 Fingerprint Verification: This scheme 
consists of two phases [61. In the first phase, each 
node u computes for each neighbour v e N (u) the 
fingerprint FPv, which is a reflection of v's fixed 
neighbourhood characteristics; node v itself is also 
capable of computing FPv. In the second phase, the 
legitimacy of the originator for each message is 
verified by checking the enclosed fingerprint, and 
the detection is conducted both "at the sensor 
side" (seemingly in a distributed manner by the 
notion) and at the base station. However, even the 
detection "at the sensor side" needs the base 
station to process the alarms for decision making, 
and thus the scheme is throughout centralized. 

1.4 Detecting Cloned Keys: It assumptions and 
application scenarios are quit different from other 
approaches in fact it addresses the detection of 
cloned cryptographic keys rather than cloned 
sensor nodes and falls into the category of anomaly 
detection [21. The basic idea is that in the context 
of random key pre-distribution the keys employed 
by genuine nodes should follow a certain pattern. 
Therefore it is possible to monitor the key usage as 
authentication tokens and then detect statistical 
deviations that indicate clone attack, the approach 
detects the cloned keys by node authentication 
statistics those keys whose usage exceeds a certain 
threshold are considered cloned and erased from 
the network. 

1.5 Set operation: SET logically partitionsflll the 
network into non overlapping regions respectively 
managed by leaders, and has these leaders 
respectively report to the base station all the ids of 
the nodes in the region, in the form of the subset. 
Intuitively, the "Intersection" of any two subsets of 
reports should be empty; otherwise, replication is 
detected 

2. Distributed Detection 

There are two distributed detection methods 
they are eXtremely Efficient Detection (XED) and 
Efficient and Distributed Detection (EDD) [1] 

2.1 Extremely Efficient Detection: XED has two 

steps Offline and Online step 

2.1.1 Offline Step: It has a security parameter b 
and a cryptographic hash function h(.) are stored in 
each node. Two arrays of length n which keep the 
received random number and the materials used to 
check the legitimacy of received random number. 

Two arrays are initialized to zero vectors. 

B (u) - Initialized to be empty. 

2.1.2 Online step: When two nodes u & v meet for 
first time it exchanges a random number. When v 



attempts to communicate with u next time, v should 
send the random number given by u during first 
meet. Then u check the random number given by v 
if the verification fails v will be blacklisted by u. If 
verification is success communication will be 
extended between u & v. 

The effectiveness of XED, unfortunately, heavily 
relies on the assumption that the replicas do not 
collude with each other. When replicas can 
communicate with each other, the replica can 
always share the newest received random numbers 
with the other neighbouring replicas, thus 
degrading the detection capability because multiple 
replicas are able to reply with the correct random 
number to encountered genuine nodes accordingly. 

2.2 Efficient and Distributed Detection: EDD has 

two steps offline and online steps 

2.2.1 Offline step: In the network without replicas, 
the number of times a node meets a specific node 
should be limited for a given time interval. 

2.2.2 Online step: In the network with replicas, the 
number of times a node meets a particular node 
should be greater than the threshold. 

Since the effectiveness of EDD relies on the 
fact that each node faithfully and periodically 
broadcasts its ID, a strategy called selective silence 
could be taken by the replicas to compromise the 
detection capability of EDD. 



3. PROPOSED WORK 

Assumed that sensor network consist of n 
node with node ID {1, 2, 3..., nj.The nodes are 
assumed to move with a constant velocity for a 
particular distance and then remain stationary for 
specified time. More over the nodes are assumed to 
communicate only during stationary period. The 
nodes are allowed to move randomly. The network 
is divided into clusters which are monitored by the 
respective cluster head. The cluster head maintain 
the data base which contain node ID, velocity and 
key for each node. The initial velocity of each node 
is encrypted with a key and stored as a packet in 
that particular node. Whenever a node enters into a 
cluster it should send its node id to the cluster head. 
This paper consists of two scenarios. 

1 . Replication inside a cluster 

2. Replication in different cluster 

3.1 Replication inside a cluster: when a node 
enter into a cluster it should give its id to the cluster 
head the cluster head will check for the reputation 
of that id in that cluster if there is some other node 
inside that particular cluster then the cluster will 
send a packet to those two node with the same id. 
That packet asks for the encrypted velocity from 
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those two nodes. The node will send the packet 
with the encrypted velocity when this packet reach 
the cluster head it will decrypt the packet and check 
the velocity with its database. The node with 
different velocity is identified as replicated node. 
The request from replicated node is avoided and the 
replication is broadcasted to all cluster heads. So 
the replicated node cannot get any information 
from the network. 

Fig 3.1 shows the replication inside the 
cluster. The data base has the velocity as VI for 
node 1 so the request from new node is denied. 
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Fig 3.1 Node Replication Inside A Cluster 

3.2 Replication in different cluster: : when a 
node enter into a cluster it should give its id to the 
cluster head the cluster head will check for the 
reputation of that id in that cluster if there is some 
other node inside that particular cluster. When there 
is no reputation in the same cluster the particular 
cluster head will intersect the data base of other 
cluster head to identify reputation. If there is 
reputation the cluster will send a packet to those 
two node with the same id. That packet asks for the 
encrypted velocity from those two nodes. The 
node will send the packet with the encrypted 
velocity when this packet reach the cluster head it 
will decrypt the packet and check the velocity by 
intersecting the database. The node with different 
velocity is identified as replicated node. The 
request from replicated node is avoided and the 
replication is broadcasted to all cluster heads. So 
the replicated node cannot get any information 
from the network. 



Fig 3.2 Node Replication On Different Cluster 

Fig 3.2 Show the replication in different 
cluster. The Node with id 1 send request to the 
cluster A. The cluster A does not have any node 
with node id 1 so it intersect the database with 
other clusters the cluster head B has a node with 
node id 1. After verification the request from 
replicated node is denied 



4. SIMULATION RESULTS 

The proposed work is implemented using 
Network Simulator 2.The proposed work increased 
the energy efficiency and reduces the packet drop. 
In the existing work node id and location are 
broadcasted to neighbours and when a node get 
same id with different location it is found to be 
replicated with take more energy and time. To 
overcome this proposed work formed clusters with 
a cluster head this increases the energy efficiency. 
When the neighbour nodes get the details it will 
take time to find the replication if the replicated 
node and genuine nodes are far away. In the 
proposed work cluster head alone used to find the 
replica the time taken is so less. When the 
replicated node enters a cluster its genuinely is 
identified so the packet drop is not found the packet 
is forwarded only to the genuine node. The 
accuracy of finding the replicated node is high. 
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Average energy efficiency 
0,6 



No of nodes Vs Average energy efficiency 



green line shows the packet drop in proposed work. 
Since the nodes are verified before entering the 
■cluster which avoid packet drop. As the packet 
drop become less the packet delivery ratio become 
high which is shown in the Fig 4.3 




Fig 4.1 Energy Efficiency Graph 

In the graph the X axis shows no of nodes and 
Y axis shows energy efficiency. Green line shows 
the energy efficiency of the proposed work and the 
red line shows the efficiency of existing method. 
When the number of node increase the efficiency 
goes down in existing work. In the proposed work 
the efficiency level is high compared with previous 
works. The increase in efficiency is due to the 
formation of cluster the node id is send only to 
cluster head in existing work the location and id is 
send to neighbours and the nodes are used to find 
the replication in the network. 
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Fig 4.3 Packet Delivery Ratio Graph 

In the graph X axis shows number of 
connection and Y axis shows packet delivery ratio. 
The green line shows the packet delivery ratio of 
proposed work and the red line shows the packet 
delivery ratio of existing work. The packet delivery 
ratio is high for the proposed work. 

5. CONCLUSION 
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Fig 4.2 Packet Drop Graph 

In the above graph the X axis shows the time 
and the Y axis shows the packet drop. The red line 
shows the packet drops in existing work and the 



In the proposed work formation of cluster and 
detecting replication is the main work. In the first 
method replication inside the cluster alone is found 
in order to improve the accuracy second method is 
proposed which is used to find the replication in 
different cluster too. The proposed work increased 
the efficiency and accuracy in finding node 
replication attack. 
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